Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

XueCast writes "The federal government has announced that they will release new electronic Passport cards in either April or May 2008. The cards could be read wirelessly from up to 20 feet away, which could reduce the waiting time at border checkpoints. Deputy Assistant Secretary Of State For Passport Services, Ann Barrett said, "As people are approaching a port of inspection, they can show the card to the reader, and by the time they get to the inspector, all the information will have been verified and they can be waved on through.""

$45 for an insecure card that can be read from 20 feet away and cannot be used for air travel? Thanks but no thanks, maybe when they have one permitted for air travel and with (at least) a method of enabling/disabling reading.

It makes a lot more sense if you think of it in terms of total number of trips and not total number of countries. Many major U.S. cities are located along the border (San Diego, Detroit, and Buffalo to name a few). Also, ever been on a cruise? It takes 2-3 hours to get everyone off one of those big cruise ships because of the need to get 2000 people through customs at once. This sounds like it could speed that process up.

It makes a lot more sense if you think of it in terms of total number of trips and not total number of countries....It takes 2-3 hours to get everyone off one of those big cruise ships because of the need to get 2000 people through customs at once. This sounds like it could speed that process up.

About as helpful as a band-aid on a sucking chest wound.

The root cause of the problem isn't the number of people, i'ts the lame-ass system in the first place. It's a lot like DRM. People who want to enter the country for nefarious purposes will always have a variety of methods of entry that completely bypass these systems. But thosewho wish to enter legally have to jump through all the hoops. Essentially it punishes the law-abiding citizens and ignores the law breakers. Sure, the system will occasionally catch someone with a felony conviction in their home country who didn't know that would disqualify them from entry. But chances are, those people weren't up to no good, they were just on a trip like any other regular joe and denying them entry doesn't improve the situation at all.

Green Giant (bling!)If the Band-Aid were made for the Jolly Green Giant, then would be sealed, provided there's blood-proof adhesive tape.

But, seems to me, there will be facial recognition and gait matching records mixed in without card-carrier's consent/awareness. After all, at what point before customs officers' desks will electronic data be matched to the face of the card holder?

With a rush of 2,000 to 5,000 cruise liner PAX and more than in an hour (or even 15 minutes) at major airport, that's way too m

Customs isn't mainly for crime, its for economics. At least at the canadian border, i see people held back all the time because they brought too many goods over and the receiving side wants to tax their stuff. The next thing they're worrying about is foreign food that could introduce diseases.

You're right that this is useless tech however. It takes about 4 seconds for a border officer to process your passport. The reason there are bottlenecks at ports of entry is because there tends to be a maximum of two border agents for every 50 people trying to cross.

Wouldn't it be almost as fast, and WAY more secure to just have passport 'reading' machines placed before the examiners, where you either swipe or place the passport in the device in some way. That gives the 'system' extra time retrieve any information for the passport examiner, but there is NEVER going to be this mythical 'wave-through'.There always has to be a delay for the immigration officer to a) verify that the physical person matches the person described by the passport and b) why they are coming an

I don't know why governments have such a hard-on for passports and other identifiers [like drivers licenses] to be accessible wirelessly.

My guess is there will be eleventy-two-and-a-half bazillion answers to your question scattered around the posts in this discussion, but let's put mine directly and neatly below it.

Passports and drivers licenses are simply the most common IDs that people carry on their person when they move about./me dons tinfoil hatMaking these IDs scannable wirelessly allows Big Brother to track people carrying them remotely. That innocuous looking traffic light at the crossing, that lamp post on the street corner or tha

I don't think customs is what keeps things slow - it was slowing people down so traffic at the pier isn't impossible.

Customs for me, (after a Caribbean cruise), was walking by a drug dog without slowing down, grabbing "checked" luggage from a holding area, (they picked up luggage outside your room the night before), and handing a form to the customs agent. The agent didn't even look at the form - they just grabbed them as people walked by. Total time at "customs" was less than 5 seconds.

Every security measure I've seen for RFID involves some encryption, and a "Handshake" between the reader and card. In a packed situation like an airport, it would be really easy to have an electronic device sniff this handshake, and by pretending to be a reader, lift multiple passport ID's off of people while passing by. Sounds dangerous to me.

There are certainly ways [wikipedia.org] to perform key exchanges and begin encrypted communication without being vulnerable to eavesdropping.

My understanding (which may be wrong) of the main problem with these RFID devices is that there is in fact no handshaking or encryption, and that the device will happily spill its guts to anything that asks.

Perhaps a larger (and maybe more real to Joe Sixpack) reason to be concerned is that you are even more easily pegged as an American, without any need to break the encryption or handshake (if there is one). Being identified as an American can make you a serious target in a lot of places for a lot of reasons, ranging from the terr'rists wanting to kill you to just some dude in an alley in Paris who wants to rob a rich guy instead of a poor guy. Americans tend to be rich.

There might be for the Joe-Six-Pack (and undoubtedly for government/state department agents and military personnel) some sort of mask or even a false or variable-false nationality beacon into which to slip the Real ID, umm, passport.This way, they can arrive and pretend to be from Antigua but be a diplomatic courier or even armed Marshal. But international agreements, they'll be waived in or briefly asked questions so they don't appear to be "special", meaning they likely won't be a target if hijackers are

Can you name a single example of an American abroad being killed by terrorists (or by a dude in an alley in Paris) where the motive was the victim being from America, as compared to any wealthy nation?

Can you name a single example of an American abroad being killed by terrorists (or by a dude in an alley in Paris) where the motive was the victim being from America, as compared to any wealthy nation?

Actually - any intercontinental tourist would meet these qualifications - being able to spot any passport in a nation where people don't usually carry them would be useful to thieves. Maybe not as much in Europe where you don't need much money to travel between countries - but in areas where political borders are further apart or harder to cross a passport would equal money...

That strikes me as somewhat disingenuous. The Yen has always been more closely equated with the cent than the dollar, Looking at the history [sauder.ubc.ca] of the Euro, it's pretty clear the value of your dollar is not as strong as it was, at least in comparison to the Euro (ie, you're not as rich as you were). Actually, that site [sauder.ubc.ca] is kind of interesting. The behaviour of your dollar compared to the Japanese's is very strange compared to a fairly consistent trend in the currencies of Canada, Britain, Australia, Malaysia

[...] there is in fact no handshaking or encryption, and that the device will happily spill its guts to anything that asks.

There should not be much more "guts" to spill, than the passport number itself. This will not give an attacker much information at all — other than: "There exists a passport with this number," but in those few seconds, that it takes a person to walk up to the counter, their giant picture will already be on the officer's screen for verification...

It would still be a hole, but a much smaller one than it may seem at the first suspicious glance. It will, hopefully, be further narrowed by making these passports respond to RFID-readers only when they are opened and, maybe, only when directed towards the reader — simply by making the passport's cover with some RF-blocking material.

All of these measures will make your hypothetical eavesdropper rather impractical even without encryption.

People have been using EZ-Pass and similar (oppressive) RFID-readers for many years now to go through highway robbery, ehm, tools... Yet there are no stories of EZ-Pass numbers picked-up by hidden crooks and plugged into fake EZ-Pass devices for resale... Maybe, someone is doing it, but it sounds more difficult, than crossing into the US through the Southern border.

I just don't understand what requires them to make the thing readable from 20 feet away? They don't have to be readable via RF at all. I've used optical passport scanners that work quite well, and if more information needs to be incorporated, then QR codes or some other 2-D barcode technology could be used. If they need to read my passport when I'm 20 feet short of the inspection desk, PUT THE READER 20 FEET DOWN THE LINE. You can put it at a turnstile, where I have to scan my picture page before passin

You're pretty much right, but it depends upon which govt you ask, and when.Originally, the concept was that a bus load of people could simply drive across the border and their passports would be read from the roadside as they passed. Sounds simple enough, but there was no assessment of the security. No handshake, no encryption. These designs would have lead to worse things than datatheft; think roadside bombs programmed to kill anyone with a passport in the name of Jack Bauer. Assassination was never so eas

It would seem to me that the obvious solution is that the RFID tag should only be readable when the user wishes it so. Like put a slim 10 year lithium battery in the thing and a flat button inside that the user presses that activates some logic that allows the RFID to transmit when he wishes to go through a checkpoint.

I don't see why it has to be readable all the type as if it were a store tag that prevents merchandise from being stolen.

Depends on the implementation. Public/Private key authentication works as long as you don't screw up how it's used (as in WEP). In most cases where a card-reader technology is found to be vulnerable to "sniffing", it's normally because data was unencrypted or weakly encrypted, like using a simple XOR. If it's done properly, there is no reason to assume it's any more insecure than an SSH tunnel.

Encryption doesn't matter for a passport...if you are hunting Americans and Americans are the only ones who have RFIDs in their passports.
If you have a device that detects RFIDs and you find someone walking down the street in a country outside the USA with an RFID on their person, then that person is most likely to carrying an American passport. If you are looking to kidnap or kill an American because your God has given His OK to do so (the mullah told you so), well then chances are very hig

If you are looking to kidnap or kill an American because your God has given His OK to do so (the mullah told you so), well then chances are very high that you've found one.

Americans aren't difficult to pick out even when they aren't carrying RFID-devices. And the Americans, who go through the trouble of trying to disguise themselves, will wrap their passports in foil, or something.

Even more likely, the actual RFIDs will not be broadcasting anything, until the passport is opened. That's very easy to impl

And the Americans, who go through the trouble of trying to disguise themselves, will wrap their passports in foil, or something.

Who wants to lay odds on the chances of the US government making such "obstruction and/or obfuscation, or possession of such obstruction or obfuscation device(s) or material(s)" at any time by such a passport holder highly illegal? It would follow with the rest of the brain-dead security theater "logic" we've seen so far.

Because the senator's buddies aren't interested in a mark up reselling barcode readers ($80), when they can markup RFID readers.($1700) Besides RFID is so much more tech heavy it's gotta be better. Better security theater that is. Joe Sixpack will be terribly impressed that there is a computer-thingy in his passport.

What I really don't understand about the entire discussion is this: what the border guards actually look at is not what's written on your passport; it's what's stored in their database (from which, in the case of your own citizens, the passports were generated in the first place). So all that is needed is a serial number, right? You type your SSN into a keypad (or for that matter, swipe any one of your credit cards—nobody believes that the security establishment pays any attention to data protection laws, anyway), your photo pops up on the guy's screen, and if it's you, you're through. Everything else is either a holdover from the days before networks, or a diversion.

So... what's this really about? I ask this not as a tinfoil hat question, but because I'm truly mystified.

I'll say it again. Now there's an Internet, you do not need to carry ID. The Man already has your file, and it's only because 'biometric' face recognition doesn't actually work yet that you carry any cards at all. There's no reason for cards to hold any data beyond a big number. There's no reason for them to be unique. There's no need for them to encode anything that can be used against you. There's no reason for any of this nonsense.

The only motivation I can think of for these measures is so that they can charge you more application fees for the new ID. What on earth am I missing?

Actually, one thing this article doesn't mention is whether the document has a photograph on it or not (though the article does say it can't be used for air travel which implies the document has no photo.)

So it sounds to me like the card and it's chip are just a key that opens up the ID file they use to pass you through--just as you suggested.

Every security measure I've seen for RFID involves some encryption, and a "Handshake" between the reader and card. In a packed situation like an airport, it would be really easy to have an electronic device sniff this handshake, and by pretending to be a reader, lift multiple passport ID's off of people while passing by.

Umm, no. You should really learn something about cryptography and/or RFID before making statements like this.

If these can be read from 20 feet, they're true RFID tags, not contactless smart cards. That means (a) they can't carry any more data than a single ID number and (b) they don't have any sort of encryption.

If these cards did have encryption, and the implementors weren't idiots (and they're not), then it would not be possible to eavesdrop on the communications unless your reader knew some appro

Joke's on you... DHS is forbidding passengers to carry more than one square inch of tinfoil through security, or more than three square inches in checked luggage, because it could be crumpled up and fashioned into a weapon.

Standard passports are already coming through with RFID. They can be read from up to 60 feet away. True, the standard government-issue reader has a much shorter range, but 60 feet has been demonostrated. The bad guys (those who set off bombs when Americans go by the trap, for instance) know how to do that. The new passport will probably be readable for a block or so, if an airport reader can go 20 feet.

"As people are approaching a port of inspection, they can show the card to the reader, and by the time they get to the inspector, all the information will have been verified and they can be waved on through," said Ann Barrett, deputy assistant secretary of state for passport services, commenting on the final rule on passport cards published yesterday in the Federal Register.

Hahahahaha. You have got to be fucking kidding me. I have been the United States on two separate occasions via air in the last few years and in both cases neither myself nor any of my fellow passengers were ever "waved on through" inspection. Everybody got the royal ass raping treatment and this comment by Ann Barrett is just a bureaucratic pie-in-the-sky sales job for the new passports.

Hahahahaha. You have got to be fucking kidding me. I have been the United States on two separate occasions via air in the last few years and in both cases neither myself nor any of my fellow passengers were ever "waved on through" inspection. Everybody got the royal ass raping treatment

Being an old fart I remember the BIG DEAL when "machine readable" passports were created, and the idea then was that apparently it would save a tremendous amount of time because you could just swipe your

ya.. spend a few hours in customs and save ten seonds by not having to manually read the passport... efficient use of their resources isn't it?

but because it's a real pain in the ass being treated like a "suspect" from the minute you drive to an airport until you drive out of one. Now ask me if I think the US is "winning the war on terror"?

I think we know by now that the "war on terror" isn't going to be decreasing terrorism [it is in fact increasing it] nor is it protecting freedoms or safety, it is in fact eroding freedoms that they never had the right to take away in the first place. sigh... as an American, I hope this never spreads to Canada but judging by recent events, it may indeed happen anyway...

I don't see how it would work anyway. If it had a range of an inch or so then yeah, you could wave it at a little receiver in line and when you got to the front the goon, er, customs agent would have your info up and ready. Not that that would speed things up much because he'd still have to at least grill you about what you were doing outside the country. But 20 feet?A better idea would be just to have a pre-screening clerk in line who takes your passport punches the number (scans the barcode, whatever)

I just don't travel to the USA any more. It's not worth my time or my dignity. When conferences and business meetings get scheduled, I make sure someone else goes. Inevitably they get back complaining about some jackbooted stormtrooper screaming "PAPERS! PAPERS!" at them, and vow never to go through it again.

I'm an American, and in the early 90's I took a trip to Bogota, Colombia. On the way back, I got a minor grilling on the Colombian side before leaving Bogota, but literally got waved through customs in Miami and didn't even have to break stride. Of course, that was pre-9/11 and all, but still... the US really does WANT to try to make this stuff easy to do. We're just, well, bad at it right now. For most of the past decade we've had a government run by a party who are trying to prove that government isn'

I travel a lot for my career, and in fact just returned from China with a few colleagues (CES starting in 4 days and all). The grilling I get entering other countries is a LOT less than what my colleagues received entering the US.

Does the US entry suck? Yes, it does. But in my experience in the last year when I entered Canada (driving across the border at Sumas), China, Japan, Chile, France, the UK, Indonesia and Russia I got a lot more scrutiny and more of the "ass raping treatment" you complain about

Foreign nationals can have legal residency in the US, but would normally be required to present a valid passport from their country of origin. Similarly, US citizens residing in other countries would be presenting a US passport.

"Foreign nationals can have legal residency in the US, but would normally be required to present a valid passport from their country of origin. Similarly, US citizens residing in other countries would be presenting a US passport."This is partly false. U.S. permanent residents need only present their Permanent Resident Card to enter the U.S.. Of course, if they travel anywhere that requires they have a passport they would have one from their country of citizenship anyway. But Canadians, for example, do no

however, average joe blow is going to go to niagara falls in canada, he'll be scanned and scammed as he wanders around, and by the time he drives home to schenectady that evening, someone in russia will be selling his info to someone in china

at times like these, why root against incompetence? it always seems to win

so go with the flow i say

anyone want to rent a 3rd story apt in niagara falls canada with me and point an rfid reader out the window?

however, average joe blow is going to go to niagara falls in canada, he'll be scanned and scammed as he wanders around, and by the time he drives home to schenectady that evening, someone in russia will be selling his info to someone in china

While his comrades in the US loot the victims home for profit, pretending to be "carpet installers".

I think this piece of GWB legislation must have been co-written by the mafia.

And this is a joke. I, and my family (Mexican wife and 'mixed' child) get waved through when we say "American" at the border. Now my wife is a naturalized citizen, but they take one look at me (white as can be) and we get one question before we are waived through.

As for an RFID solution, what makes that better than the 'instincts' of the Border Patrol? I think that could be faked so fast that a young male of middle eastern descent could could get through as an asian business person just because the border card said so.//Trolling, just for the fun of it. I have a lot of unearned karma....

RTFA. This is a device that you get in addition to your passport. You probably leave the device in your car, and it comes with a metallic sleeve so you can shield it when you're not crossing borders. You do not take it with you when you go traveling on a plane.

RTFA. This is a device that you get in addition to your passport. You probably leave the device in your car, and it comes with a metallic sleeve so you can shield it when you're not crossing borders. You do not take it with you when you go traveling on a plane.

Your point is moot. All US passports issued in the last year or so already have RFID's embedded in them. So it amounts to the same thing.

Furthermore, these new passports have a half-assed faraday cage built into the cover, but like so much of government it really is half-assed. All it takes is for the cover to be open by less than a centimeter, as might easily happen in lady's purse, and the RFID is no longer protected against unwanted access/detection.

I don't know about others, but the first thing I do when I get to my hotel/apartment/wherever I'm staying overseas is stick my passport in a safe and leave it there until I head home or absolutely have to use it for something. Most everybody accepts a photocopy anyways.

I understand your concern, but seriously - get that thing off your person ASAP unless you absolutely must have it on you.

I worked for a summer as an intern at a U.S. Embassy, so when it comes to your plan to run to the embassy if you're in trouble, consider the following:

1. If the trouble is criminal in nature, and you're accused of the crime, the embassy will probably just hand you over to local police. True, you can receive visits from your consular officer after you've been put in jail, but that's after the fact. Everything you've seen in Hollywood on this subject is 100% incorrect. An American Citizen Services officer I spoke with jokingly told me that his job consisted of calling parents and telling them, "yes, I know Johnny's a good boy, but he did something really stupid here, and now he's in jail. No, we can't actually do anything for him other than visit him. Sorry."

2. The consulate is used to dealing with American citizens without passports - it replaces lost/stolen ones all the time. A photocopy won't hurt you at all in that respect - just tell them your passport is lost, but present a photocopy. They may want to know more personal information, and you'll have to pay a fee, but you'll be fine.

3. If you believe the embassy will provide you great protection, think again. It's not like the movies - there is no company of Marines there to defend all the Americans in the gates. An embassy generally depends on local police for security and its small (quite small) contingent of Marine Security Guards (MSGs) for the last line of defense. Even then, their primary concern is the classified material. That said, there is nothing in this world like walking into your office and seeing a big MSG at the door. You know that, as an employee of the US Government, it'll take something approaching an army to get past that man so long as he's got breath in him and Rules of Engagement that allow him to fight. I've never been in the military, but God bless the USMC. That said, as a mere citizen, I wouldn't depend on the embassy to provide you any great protection and, if it comes down to that, do keep in mind that the embassy will likely be a big target for angry mobs.

Personally, I would recommend waiting out any big disturbance and, if things appear to only be getting worse, getting to the airport ASAP with your passport - and you'll have a much better chance of not getting your passport stolen if it was in a safe in a location you can access when everything hit the fan. And trust me, huge riots can pop up at any time, without much warning. I was in Argentina in December in 2001... what a month. I felt good knowing that my passport was in a safe, across town in a quiet part of the city, in a locked building, behind a gate, with a security guard, rather than on my person in the middle of a riot.

4. As far as hotels, at least in some European countries, it's my understanding that registering your location is a basic part of life. I believe that in Italy (could be totally off) that people are required to register (in theory) with the local police. Hotels register their clients with the police as well (I think... once again, don't take this as hard and fast truth). Your documents are generally held for this purpose. But, as this isn't too big a deal, most hotels don't push you on it.

Long story short, I'd think twice about keeping a passport on me 24/7 if I don't absolutely need to do so (as in the Russia example cited above).

What nonsense. If they could be "verified" by machine, they wouldn't need to stand in line in the first place. Travelers stand in line for physical inspection and crowd control, and the card can't help with that process. Unless it can count the books of matches in my backpack and measure my lithium battery, all it will do is save a few seconds of pulling out my wallet. Sounds neat, I guess.

The $45 card will be optional and cannot be used for air travel. Travelers can opt for a more secure, if more costly, e-passport that costs $97 and contains a radio frequency chip that can only be read at a distance of three inches. Privacy and security experts said the new passport cards that transmit information over longer distances are much less secure.

Also in the FA it is stated that all that is contained is the passport number - presumably the rest of the details get looked up.

So, here we have a card that:a) costs still more money.b) can't be used at airports (just land and sea border crossings)c) can't identify you to random strangers - they'll need access to the US passport database.

So the point of this is that when you're driving across the border from Canada, they've verified your passport details while you wait in the queue, then all they do is take a look at you and send you through to customs.

Of course, this same thing could be done by having a second checkpoint to do the Q&A stuff.

Now, can we please take all the comments about lines at the airport out of the discussion?

That is a scary thought. Depending on the passport data it need not limit itself to country of origin. It could also scan for religion affiliation or gender. As I look at the passport form I see you are asked about birth place, employer and employer. Both could be useful in targeting someone. Not to mention this is also the recipe for a very precise signature bomb in which it only targets one person. So if first name and last name match the bombs target then kaboom.

ThinkGeek.com has been selling RFID blocking wallets and passport holders for a while. I already own the wallet. It contains a Faraday cage that blocks signals from reading RFID credit cards or in my case my building security card. I've been putting off getting a passport, but I will most likely need on so I will be making yet another purchase from ThinkGeek.com. They already get most of my extra money every month.

Now if they can have you pass through WITHOUT getting checked mannually, then that would be a cool solution. Like the process on the Illinois tollway using I-Pass. The passport "light" would stay on green and the line would keep moving. The line would only stop for manual inspection when the light turns red. Combine this with a sign saying "American Passport customers only" and a bunch of manual stations. Of course, the single file line could also have dual cameras watching the faces of poeple going th

On numerous occasions, hijackers have gone through the passengers, demanding to see passports.Those that had U.S. passports (and, less frequently, British too) were singled out to be used as either human shields or the first to be executed to prove the terrorists meant their threats.

Leon Klinghoffer [wikipedia.org] on the Achille Lauro [wikipedia.org] is one classic example. A wheelchair bound, 69 year old, he was executed first because he was identified as a Jewish American.

It's not the limitations -(though I think the terms "security flaws" are more apt); it's the fact that this is the doorway through which electronic ID, microchipping, and everything else is going to come through. If you don't see the problem with carrying around a piece of ID that can be electronically read from a distance now, I think it will become readily apparent soon enough - likely within a couple of years.I am a technologist by trade and realize that most cell phones can present similar issues, and I

Do you think each car waited in line for 20 minutes while the customs official looked up their ID information on the computer? This will shave about 2 seconds off the process. They spent all that time while the travelers tried to convince the official that they were legitimate tourists/regular people instead of smugglers or terrorists. I don't see how pre-fetching their arrest record and their date of birth is going to make it any better.